Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2011-4349
Last Modified 12 Dec 2011 12:00:00
Published 10 Dec 2011 12:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-4349

Summary

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

Vulnerable Systems

Application

  • Freedesktop Colord 0.1.0

  • Freedesktop Colord 0.1.1

  • Freedesktop Colord 0.1.10

  • Freedesktop Colord 0.1.11

  • Freedesktop Colord 0.1.12

  • Freedesktop Colord 0.1.13

  • Freedesktop Colord 0.1.14

  • Freedesktop Colord 0.1.2

  • Freedesktop Colord 0.1.3

  • Freedesktop Colord 0.1.4

  • Freedesktop Colord 0.1.5

  • Freedesktop Colord 0.1.6

  • Freedesktop Colord 0.1.7

  • Freedesktop Colord 0.1.8

  • Freedesktop Colord 0.1.9


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=757171

CONFIRM - https://bugs.freedesktop.org/show_bug.cgi?id=42904

BID - 50814

MLIST - [oss-security] 20111125 Re: CVE Request: colord sql injections

UBUNTU - USN-1289-1

SECUNIA - 47160

SECUNIA - 46940

FEDORA - FEDORA-2011-16451

FEDORA - FEDORA-2011-16453

CONFIRM - http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e

CONFIRM - http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b


Last Updated: 27 May 2016 10:57:51